@cabecada
Created April 1, 2024 12:23
citus demo
postgres@pg:~/poc/patroni$ git status
On branch master
Your branch is up to date with 'origin/master'.
Changes not staged for commit:
(use "git add <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
modified: Dockerfile.citus
modified: docker-compose-citus.yml
modified: postgres0.yml
modified: postgres1.yml
modified: postgres2.yml
Untracked files:
(use "git add <file>..." to include in what will be committed)
ssl-cert-snakeoil.key
ssl-cert-snakeoil.pem
no changes added to commit (use "git add" and/or "git commit -a")
postgres@pg:~/poc/patroni$ pwd
/var/lib/postgresql/poc/patroni
postgres@pg:~/poc/patroni$ git remote
origin
postgres@pg:~/poc/patroni$ git remote -v
origin https://github.com/zalando/patroni.git (fetch)
origin https://github.com/zalando/patroni.git (push)
# I copied the snake certs from the build to the host and then copied them back for each pg container
postgres@pg:~/poc/patroni$ git diff Dockerfile.citus
diff --git a/Dockerfile.citus b/Dockerfile.citus
index 6f02215..59a1988 100644
--- a/Dockerfile.citus
+++ b/Dockerfile.citus
@@ -16,6 +16,17 @@ ARG LANG
ENV ETCDVERSION=3.3.13 CONFDVERSION=0.16.0
+COPY ssl-cert-snakeoil.key $PGHOME/
+COPY ssl-cert-snakeoil.pem $PGHOME/
+COPY ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.key
+COPY ssl-cert-snakeoil.pem /etc/ssl/certs/ssl-cert-snakeoil.pem
+
+RUN chmod 0640 /etc/ssl/certs/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem
+RUN chown postgres /etc/ssl/certs/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem
+
+
+WORKDIR $PGHOME
+
RUN set -ex \
&& export DEBIAN_FRONTEND=noninteractive \
&& echo 'APT::Install-Recommends "0";\nAPT::Install-Suggests "0";' > /etc/apt/apt.conf.d/01norecommend \
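Review bot: The COPY lines at the top of this hunk bake the private key into an image layer, and the second pair places `ssl-cert-snakeoil.key` under `/etc/ssl/certs/`, a directory meant for public certificates. Anyone who can pull the image can read the key from the layer, so prefer mounting the key at run time (a compose secret or bind mount) or generating it in the entrypoint; if it has to stay in the image for the demo, put it under `/etc/ssl/private/` only. If this path is used as PostgreSQL's `ssl_key_file`, note that `chown postgres` combined with `chmod 0640` will be refused: the server requires 0600 or stricter when the key is owned by the database user, and accepts 0640 only for a root-owned key. The two RUN lines can also be merged into one.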
@@ -82,6 +93,10 @@ RUN set -ex \
> /usr/local/bin/confd && chmod +x /usr/local/bin/confd; \
fi \
# Prepare client cert for HAProxy
+ && cat ${PGHOME}/ssl-cert-snakeoil.key > /etc/ssl/private/ssl-cert-snakeoil.key \
+ && cat ${PGHOME}/ssl-cert-snakeoil.pem > /etc/ssl/certs/ssl-cert-snakeoil.pem \
+ && chmod 0640 /etc/ssl/private/ssl-cert-snakeoil.key \
+ && chmod 0640 /etc/ssl/certs/ssl-cert-snakeoil.pem \
&& cat /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem > /etc/ssl/private/ssl-cert-snakeoil.crt \
\
# Clean up all useless packages and some files
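Review bot: The `chmod 0640` on `/etc/ssl/private/ssl-cert-snakeoil.key` does not cover the combined file written on the following context line: `/etc/ssl/private/ssl-cert-snakeoil.crt` is the key concatenated with the certificate and gets no chmod in the visible lines, so it is created with the default mode. Add an explicit restrictive mode for the `.crt` as well. The redirect into `/etc/ssl/certs/ssl-cert-snakeoil.pem` also rewrites a file that the earlier `COPY ssl-cert-snakeoil.pem /etc/ssl/certs/ssl-cert-snakeoil.pem` already placed with the same content, so one of the two is redundant, and `cat src > dst` followed by `chmod` reads more clearly as a single `install -m 0640 src dst`.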
@@ -171,6 +186,13 @@ COPY extras/confd/conf.d/haproxy.toml /etc/confd/conf.d/
COPY extras/confd/templates/haproxy-citus.tmpl /etc/confd/templates/haproxy.tmpl
COPY patroni*.py docker/entrypoint.sh /
COPY postgres?.yml $PGHOME/
+COPY ssl-cert-snakeoil.key $PGHOME/
+COPY ssl-cert-snakeoil.pem $PGHOME/
+COPY ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.key
+COPY ssl-cert-snakeoil.pem /etc/ssl/certs/ssl-cert-snakeoil.pem
+
+RUN chmod 0640 /etc/ssl/certs/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem
+RUN chown postgres /etc/ssl/certs/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem
WORKDIR $PGHOME
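Review bot: The COPY/chmod/chown block added here is a verbatim duplicate of the one added in the first hunk; keep only one. The RUN step in the second hunk reads `${PGHOME}/ssl-cert-snakeoil.key`, so the early COPY into `$PGHOME` is the one it depends on, and this later block can be dropped if those files are still present at this point in the build. Dropping it also removes a second copy of the private key under `/etc/ssl/certs/`.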
then build multiple pg versions
docker build -f Dockerfile.citus -t patroni-citus-16 --build-arg="PG_MAJOR=16" .
docker build -f Dockerfile.citus -t patroni-citus-15 --build-arg="PG_MAJOR=15" .
# then mix docker-compose with pg16 pg15
postgres@pg:~/poc/patroni$ git diff docker-compose-citus.yml
diff --git a/docker-compose-citus.yml b/docker-compose-citus.yml
index da71c50..4529a3d 100644
--- a/docker-compose-citus.yml
+++ b/docker-compose-citus.yml
@@ -16,7 +16,7 @@ networks:
services:
etcd1: &etcd
- image: ${PATRONI_TEST_IMAGE:-patroni-citus}
+ image: patroni-citus-15
networks: [ demo ]
environment:
ETCD_LISTEN_PEER_URLS: http://0.0.0.0:2380
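Review bot: Hardcoding `image: patroni-citus-15` here, and in the hunks that follow, removes the `${PATRONI_TEST_IMAGE:-patroni-citus}` override, so the compose file no longer works with a differently tagged build. Keeping a variable with a default preserves that, for example a per-version variable such as `${PATRONI_IMAGE_PG15:-patroni-citus-15}` (the variable name is a suggestion, not an existing one). Since `etcd1` defines the `&etcd` anchor, this one line also sets the image for any service that merges that anchor.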
@@ -42,7 +42,7 @@ services:
command: etcd --name etcd3 --initial-advertise-peer-urls http://etcd3:2380
haproxy:
- image: ${PATRONI_TEST_IMAGE:-patroni-citus}
+ image: patroni-citus-15
networks: [ demo ]
env_file: docker/patroni.env
hostname: haproxy
@@ -63,7 +63,7 @@ services:
PGSSLROOTCERT: /etc/ssl/certs/ssl-cert-snakeoil.pem
coord1:
- image: ${PATRONI_TEST_IMAGE:-patroni-citus}
+ image: patroni-citus-15
networks: [ demo ]
env_file: docker/patroni.env
hostname: coord1
@@ -74,7 +74,7 @@ services:
PATRONI_CITUS_GROUP: 0
coord2:
- image: ${PATRONI_TEST_IMAGE:-patroni-citus}
+ image: patroni-citus-15
networks: [ demo ]
env_file: docker/patroni.env
hostname: coord2
@@ -84,7 +84,7 @@ services:
PATRONI_NAME: coord2
coord3:
- image: ${PATRONI_TEST_IMAGE:-patroni-citus}
+ image: patroni-citus-15
networks: [ demo ]
env_file: docker/patroni.env
hostname: coord3
@@ -95,7 +95,7 @@ services:
work1-1:
- image: ${PATRONI_TEST_IMAGE:-patroni-citus}
+ image: patroni-citus-15
networks: [ demo ]
env_file: docker/patroni.env
hostname: work1-1
@@ -106,7 +106,7 @@ services:
PATRONI_CITUS_GROUP: 1
work1-2:
- image: ${PATRONI_TEST_IMAGE:-patroni-citus}
+ image: patroni-citus-15
networks: [ demo ]
env_file: docker/patroni.env
hostname: work1-2
@@ -117,7 +117,7 @@ services:
work2-1:
- image: ${PATRONI_TEST_IMAGE:-patroni-citus}
+ image: patroni-citus-16
networks: [ demo ]
env_file: docker/patroni.env
hostname: work2-1
@@ -128,7 +128,7 @@ services:
PATRONI_CITUS_GROUP: 2
work2-2:
- image: ${PATRONI_TEST_IMAGE:-patroni-citus}
+ image: patroni-citus-16
networks: [ demo ]
env_file: docker/patroni.env
hostname: work2-2
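Review bot: The two `patroni-citus-16` lines for work2-1 and work2-2 must always change together, and nothing in the file enforces or explains that. Assuming both belong to group 2, as the names and the `PATRONI_CITUS_GROUP: 2` context line suggest, they replicate physically from each other, and physical replication does not work across PostgreSQL major versions. A shared variable or YAML anchor for the group's image would keep them in sync, and a comment stating that the mixed 15/16 layout across groups is intentional would help the next reader.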
docker-compose -f docker-compose-citus.yml up
....
postgres@pg:~$ cd /tmp/certs
postgres@pg:/tmp/certs$ #psql "sslmode=verify-ca sslrootcert=server.crt sslcert=server.crt sslkey=server.key hostaddr=127.0.0.1 port=5000"
postgres@pg:/tmp/certs$ ls
server.crt server.key
###
postgres@pg:~/poc/citus-example-ad-analytics$ git diff config/database.yml
diff --git a/config/database.yml b/config/database.yml
index 3a17508..a7b2302 100644
--- a/config/database.yml
+++ b/config/database.yml
@@ -4,7 +4,11 @@ default: &default
pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
username: postgres
password: postgres
- port: 5600
+ sslrootcert: 'config/certs/server.crt'
+ sslcert: 'config/certs/server.crt'
+ sslkey: 'config/certs/server.key'
+ sslmode: 'verify-ca'
+ port: 5000
host: localhost
timeout: 5000
variables:
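Review bot: `sslcert` and `sslkey` point at `config/certs/server.crt` and `config/certs/server.key`, and `sslrootcert` points at the same `server.crt`, so going by the file names the Rails app presents the server's certificate as its client certificate and holds the server's private key. Issue a separate client certificate and key for the app and use `sslrootcert` only for the CA (or the self-signed server certificate). `sslmode: 'verify-ca'` validates the chain but not the host name; `verify-full` is the stricter choice once the certificate's name matches `host`. The context lines also keep `password: postgres` as a literal; reading it from ENV, as `pool` already does, would be consistent.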
@@ -12,15 +16,17 @@ default: &default
development:
<<: *default
- database: postgres
+ database: citus
+ host: localhost
test:
<<: *default
- database: postgres
+ database: citus
+ host: localhost
production:
<<: *default
- database: postgres
+ database: citus
username: postgres
password: postgres
host: localhost
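Review bot: The added `host: localhost` under development and test duplicates the value already inherited through `<<: *default` (the default block's `host: localhost` is visible in the first hunk's context), so both added lines can be dropped. The production block still overrides `username` and `password` with the literal `postgres`; those belong in environment variables rather than in the committed file.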
###
645 bundle install
646*
647 vim config/database.yml
648 time bundle exec rake db:migrate
649 time bundle exec rake test_data:load_bulk
650 time bundle exec rake rollup:initial
651 time bundle exec rake rollup:initial
652 bundle exec rails s -b 0.0.0.0 -p 3003